I have a project to build a voting desktop application for a class in Java. While security isn't the focus of the project, I would like to be as realistic as I can. What are some of the primary tools to integrate security into a Java application?

Edit: I'm not primarily worried about physical security, we are simply building an application not a whole system. I want to ensure votes are recorded correctly and not able to be changed or read by someone else.

+3  A: 

It really depends on what kind of security you are looking to integrate. Do you want security to ensure that the user isn't running any debuggers or such to flip bits in your application to change the votes? Do you want to ensure that the user doesn't install logging software to keep track of who voted for whom? Do you want to ensure that the person who is supposed to be voting is actually voting? Security is a very broad subject, and it's hard to give an answer without knowing what exactly you are looking for.

Kibbee
see new question edit
Tom Brito
+1  A: 

If you're looking for a "higher-level" explanation of this stuff (as in, not code), Applied Cryptography has quite a few relevant examples (and I believe a section on "secure elections" that covers some voting strategies).

jeremiahd
A: 

I believe that physical security is more important for a voting booth system rather than, you know, code security.
These machines by their very nature shouldn't be connected to any kind of public network, especially not the internet. But having good physical security to prevent any sort of physical tampering is very important.

paan
A: 

I'm not primarily worried about physical security, we are simply building an application not a whole system. I want to ensure votes are recorded correctly and not able to be changed or read by someone else.

jtyost2
A: 

Putting to one side questions of protecting against physical tampering (e.g. of the underlying database), since you've stipulated that physical security is not the present concern...

I think the primary consideration is how to ensure that a given voter votes only once. At a paper poll, each registered voter is restricted to a particular booth/location and verification is done by name+SSN and a signature.

You might need a high resolution digital signature capture and therefore a touchscreen capture peripheral or a touch screen terminal. A more sophisticated approach would be a biometric scanner, but that would require government records of thumb/fingerprints or retinal scans - I can already see the privacy advocates lining up at the lawyers' offices.

Another approach would be for the voter "registrar office" to issue digital keys to each voter prior to the election - a (relatively) short (cryptographically strong) random alpha/numeric key that is entered with the voter's name and/or SSN into the application. Knowledge of that key is required for that particular voter in that particular election. These keys would be issued by post in tamper-evident envelopes, like those used by banks for postal confirmation of wire transfers and delivery of PIN numbers. The key must include checksum data so that the user can have the entry of it immediately validated and it should be in groups of 4, so something like XXXX-XXXX-XXXX-CCCC.

Any other "secret" knowledge, such as SSN, is likely too easily discovered for a large percentage of the population (though we don't seem to be able to make credit-granting organizations understand this), and therefore is unsuitable for authentication.

Vote counting can be done by generating a public key encrypted data file which is transferred (by sneaker net?) to the central system. This must include the "voting booth" identity information and a record for each voter including their SSN and the digital key (or signature, or biometric data). Votes with invalid keys are eliminated. Multiple votes with the same key and same votes are treated as a single vote for that candidate. Multiple votes with the same key and different votes are flagged for fraud investigation (with the constituent contacted by phone, issued a new key, and directed to revote).

Software Monkey
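As an added example (not code from the answer above), here is a Java sketch of the XXXX-XXXX-XXXX-CCCC key with its checksum group and of the counting rules just described. The 32-character alphabet and the weighted-sum checksum are my own assumptions; the checksum only catches typing errors at entry and is not a secret.

```java
import java.security.SecureRandom;
import java.util.*;

// Added example (not code from the answer): voter keys in the XXXX-XXXX-XXXX-CCCC
// layout, where CCCC is a checksum over the 12 random characters, plus the tally rules.
public class VoterKeys {
    // Assumed 32-character alphabet without look-alike characters (no 0/O, 1/I).
    static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    static final SecureRandom RNG = new SecureRandom();
    static String normalize(String entered) { return entered.toUpperCase().replace("-", ""); }

    // Non-secret checksum (weighted sum mod 32^4, rendered as 4 alphabet chars).
    // It only catches typos at entry time; it is not meant to resist forgery.
    static String checksum(String body) {
        long sum = 0;
        for (int i = 0; i < body.length(); i++)
            sum = (sum * 31 + ALPHABET.indexOf(body.charAt(i)) + 1) % (1L << 20);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 4; i++) { sb.insert(0, ALPHABET.charAt((int) (sum % 32))); sum /= 32; }
        return sb.toString();
    }

    // Registrar side: 12 characters from SecureRandom followed by the checksum group.
    static String issueKey() {
        StringBuilder b = new StringBuilder();
        for (int i = 0; i < 12; i++) b.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        String k = b.toString();
        return k.substring(0, 4) + "-" + k.substring(4, 8) + "-" + k.substring(8) + "-" + checksum(k);
    }

    // Entry side: true only if the key is well-formed and its checksum group matches.
    static boolean validate(String entered) {
        String k = normalize(entered);
        if (k.length() != 16) return false;
        for (char c : k.toCharArray()) if (ALPHABET.indexOf(c) < 0) return false;
        return checksum(k.substring(0, 12)).equals(k.substring(12));
    }

    // Counting rules from the answer: invalid or unissued key -> dropped; same key and
    // same vote -> one vote; same key and different votes -> flagged and not counted.
    // ballots are {key, candidate} pairs; issued holds normalized keys from the registrar.
    static Map<String, Integer> tally(List<String[]> ballots, Set<String> issued, Set<String> flagged) {
        Map<String, String> byKey = new HashMap<>();
        for (String[] b : ballots) {
            String key = normalize(b[0]), vote = b[1];
            if (!validate(key) || !issued.contains(key)) continue;
            String prev = byKey.putIfAbsent(key, vote);
            if (prev != null && !prev.equals(vote)) flagged.add(key);
        }
        Map<String, Integer> counts = new TreeMap<>();
        for (Map.Entry<String, String> e : byKey.entrySet())
            if (!flagged.contains(e.getKey())) counts.merge(e.getValue(), 1, Integer::sum);
        return counts;
    }
}
```

Keys flagged in `tally` are the ones the answer says should go to fraud investigation; the returned map holds only unflagged, deduplicated votes.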
+2  A: 

My company recently did an app with very strong security. Maybe it helps.

Our app

It was a Java EE app.

The architecture is the following:

  1. Client computer has a cryptography package.
  2. Dirty server that stores encrypted user input and output
  3. Clean server that is not accessible from outside that stores keys and decrypted data.

Users are issued cryptography cards (you may want to use something less safe - e.g. PGP), and are required by JSP pages to encrypt all input with them. The page contains a component that connects to the cryptography app, asks the user for the key passphrase, encrypts it with the server public key and signs it with the user private key, then submits.

Data is stored in external server then transferred to internal server, where it is decrypted and signature is verified, then data is processed and reencrypted, then it is sent to dirty server, and then user may get it.

So even if someone cracked the dirty server (even get hold of database) he would get mostly useless data.

Your app

I'd send encrypted and signed votes to server. It would assert two things:

  1. You know who sent the vote
  2. No one will be able to know what the vote was.

Then get the data from the server, assert that everyone voted at most once, count the votes, voila!

jb
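An added example (not the answer's company code) showing in Java the encrypt-and-sign ballot described above: the vote is encrypted to the server's public key and the ciphertext is signed with the voter's private key, and the server refuses a second ballot from the same voter. The in-process RSA key pairs, the `registry` map of voter public keys and the `voted` set are assumptions for the demo; the answer keeps the voter key on a cryptography card.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;

// Added example, not the answer's company code: a ballot encrypted to the server's
// RSA public key and signed with the voter's RSA private key, giving the two
// properties named above: the server knows who sent it, nobody on the path sees the vote.
// Keys are generated in-process for the demo; the answer keeps the voter key on a card.
public class SealedVote {
    static final String ENC = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // standard JCE name
    static final String SIG = "SHA256withRSA";

    static KeyPair keyPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        return g.generateKeyPair();
    }

    // Voter side: encrypt "voterId|vote" for the server, then sign the ciphertext.
    static byte[][] seal(String voterId, String vote, PublicKey server, PrivateKey voter)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(ENC);
        c.init(Cipher.ENCRYPT_MODE, server);
        byte[] ct = c.doFinal((voterId + "|" + vote).getBytes(StandardCharsets.UTF_8)); // fits OAEP limit
        Signature s = Signature.getInstance(SIG);
        s.initSign(voter);
        s.update(ct);
        return new byte[][] { ct, s.sign() };
    }

    // Server side: verify against the registered key for voterId, then decrypt.
    // Returns the vote, or null on bad signature, id mismatch, or a second ballot from the same voter.
    // Note the decrypting (clean) server does see voter and vote together; only the dirty server does not.
    static String open(String voterId, byte[][] sealed, Map<String, PublicKey> registry,
                       PrivateKey server, Set<String> voted) throws GeneralSecurityException {
        PublicKey pk = registry.get(voterId);
        if (pk == null) return null;
        Signature s = Signature.getInstance(SIG);
        s.initVerify(pk);
        s.update(sealed[0]);
        if (!s.verify(sealed[1])) return null;
        Cipher c = Cipher.getInstance(ENC);
        c.init(Cipher.DECRYPT_MODE, server);
        String[] parts = new String(c.doFinal(sealed[0]), StandardCharsets.UTF_8).split("\\|", 2);
        if (parts.length != 2 || !parts[0].equals(voterId) || !voted.add(voterId)) return null;
        return parts[1];
    }
}
```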
A: 

Your problem is that you need to identify the user reliably, so that you can prevent them from re-voting and accessing each other's votes.

This is not any different from any other desktop application that requires authentication (and potentially authorization). If your voters are a closed group on a network with user accounts, you could integrate with the directory and require users to log in.

If voters do not have network user accounts, this is where it gets interesting. Each user will still need to authenticate with the application. You could generate accounts with passwords in the application and distribute this information securely prior to voting. Your application could ask users to select a password when they access the application for the first time.

Without knowing the specifics, it is hard to give a more specific answer.

cdonner
A: 

You are aware that electronic voting is an unsolved research problem? Large scale fraud should take a large effort.

Stephan Eggermont
I am, the question was more of general guidelines/practices.
jtyost2